Calling an API can be authenticated using either of the following methods:
- Authentication using tokens: General requests are authenticated using tokens.
- Authentication using AK/SK: Requests are encrypted using access key ID (AK)/secret access key (SK). Authentication using AK/SK is recommended because it provides higher security than authentication using tokens.
Authentication Using Tokens
The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the API.
A token specifies certain permissions in a computer system. Authentication using a token adds the token in a request as its header during API calling to obtain permissions to operate APIs.
In Making an API Request, the process of calling the API for obtaining a user token is described as an example. After obtaining the token, add the X-Auth-Token header in a request to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., add X-Auth-Token: ABCDEFJ.... in a request as follows:
POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/projects Content-Type: application/json X-Auth-Token: ABCDEFJ....
Authentication Using AK/SK
Authentication using AK/SK supports API requests with a body not larger than 12 MB. For API requests with a larger body, authentication using tokens is recommended.
In authentication using AK/SK, AK/SK is used to sign a request and add the signature in a request as its header for authentication.
- AK: access key ID, which is a unique identifier associated with a secret access key and is used in conjunction with a secret access key to sign requests cryptographically.
- SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
The signature SDK only supports signature, which is different from the SDKs provided by services.